January 2024

Mandiant’s brute-forced X account exposes perils of skimping on 2FA 2024-01-11 at 19:16 By Connor Jones Speculation builds over whether a nearly year-old policy change was to blame Google-owned security house Mandiant’s investigation into how its X account was taken over to push cryptocurrency scams concludes the “likely” cause was a successful brute-force password attack.… […]

React to this headline:

OpenAI rolls out Team tier because not everyone has enterprise-deep pockets 2024-01-11 at 18:48 By Richard Speed Benefits include no snacking on your sensitive data OpenAI is updating its subscription plans to add a “Team” tier for businesses to sit below its existing Enterprise level.… This article is an excerpt from The Register View Original

React to this headline:

71% of drivers consider buying older cars due to data privacy concerns 2024-01-11 at 18:48 By Data privacy within the automotive industry was analyzed in a report, finding that 72% of drivers are uncomfortable automakers sharing their data. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to

React to this headline:

Chinese company’s rocket debut makes waves by launching from the sea 2024-01-11 at 18:02 By Richard Speed Real-life Kerbal Space Program? A Chinese startup has launched its first rocket from a sea-based platform, sending three satellites into orbit.… This article is an excerpt from The Register View Original Source React to this headline:

React to this headline:

Elon Musk made 1 in 3 Trust and Safety staff ex-X employees, it emerges 2024-01-11 at 17:46 By Lindsay Clark Oz online safety czar receives evidence of cull despite platform reinstating hundreds of banned accounts Twitter, the social media service now calling itself X, executed a 30 percent reduction in its Trust and Safety staff

React to this headline:

Threat Actors Increasingly Abusing GitHub for Malicious Purposes 2024-01-11 at 17:46 By The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to

React to this headline:

Infoseccers think attackers backed by China are behind Ivanti zero-day exploits 2024-01-11 at 17:17 By Connor Jones Customers currently left patchless while attacks are expected to increase Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.… This article is an excerpt from The Register View Original

React to this headline:

Fallon Ambulance announces data breach affecting over 900,000 patients 2024-01-11 at 17:17 By Fallon Ambulance, a medical transportation company based in Boston, is being investigated for a data breach including patient and employee data. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems 2024-01-11 at 17:17 By Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming

React to this headline:

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms 2024-01-11 at 17:17 By A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks,

React to this headline:

Not even poor Notepad is safe from Microsoft’s AI obsession 2024-01-11 at 17:02 By Richard Speed Power user excavates evidence of experimental ‘Cowriter’ feature Windows Notepad is set to be the next recipient of Microsoft’s AI attentions judging by screenshots posted by a Windows Insider user.… This article is an excerpt from The Register View

React to this headline:

Google rings in 2024 with more layoffs – hundreds cut from multiple divisions 2024-01-11 at 16:32 By Brandon Vigliarolo Cuts are a continuation of late-2023 redundancies to help teams better ‘align their resources’ The 2024 layoff season appears to have only begun, with Google cutting hundreds of employees across multiple divisions yesterday. … This article is

React to this headline:

PC ‘price hike’ coming as cost of memory soars – analysts 2024-01-11 at 15:32 By Paul Kunert Scores are on the doors for Q4, as after 2 years shipments grow again… by 0.3% The PC industry has ended a two-year run of declining shipments, by growing 0.3 percent in Q4 of 2023, amid a warning

React to this headline:

How governments become addicted to suppliers like Fujitsu 2024-01-11 at 15:17 By Lindsay Clark Interest in Japanese’s firm’s public sector deals – worth $15B in the UK alone since 2012 – spikes Analysis  Since the broadcast of a television drama telling the story of the Post Office Horizon scandal — one of the most serious

React to this headline:

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths 2024-01-11 at 15:02 By Tom Neaves When I’m carrying out security research into a thing, I generally don’t like to Google prior research right away. I know, this completely goes against how you would (and should!) carry out any research; starting with a literature review

React to this headline: